Staff Member

Check to see if their email account is listed in the "Login/Brute History Report" within "WHM Home » Security Center » cPHulk Brute Force Protection". It's possible there have been brute force attempts on their email account or several failed login attempts that have resulted in it getting blocked by cPhulkd.

It may be worth keeping in mind that by disabling that setting, you are also disabling LFD's ability to detect and block brute force attacks on your smtp server. Unless you have something else running to do this, such as cPHulk, bots may be able to obtain mailbox passwords via brute force attacks.